Service Notification - OneLogin Security Incident - 2017-06-02

Cisco has recently learned of a data incident involving an optional authentication feature for Cisco Umbrella, called OneLogin. While we have no indication that data associated with Cisco Umbrella accounts has been affected, we have taken precautionary steps to protect users who have this authentication feature enabled. As of today, we have disabled single sign-on (SSO) for any OneLogin accounts with certificates older than May 31, 2017 and are requiring passwords to be reset.

Accounts with metadata newer than May 31st have not been disabled, but if you have not followed the remediation steps outlined by OneLogin, you should disable SAML and follow the steps below.

Actions that will be required from users are noted below. We apologize for any inconvenience or concern this issue may have caused. For more information about this security incident, read:

Step 1 - Reset your password

You should have received a password reset email from Cisco Umbrella stating that SAML based SSO has been disabled for your organization. That email will contain a link to reset your password with Cisco Umbrella. Once you’ve reset your password, verify that you can access your Umbrella Dashboard.

If you have not received this email, you can manually reset your password from the Umbrella login page by clicking on the “Forgot your password?”

We are committed to transparency in the event of security incidents such as this. We continue to work closely to investigate this incident, and we will provide a update if new information is found that our customers need to be aware of.